Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/5043fb-ccac-4fb6-869d-48e30e2f7c36/1/t-o-hIyUG4RAiLaX8SjjDbXbbws.roa
File:                     t-o-hIyUG4RAiLaX8SjjDbXbbws.roa (raw, json)
Hash identifier:          7G8WQ9gmU8MycohlGhVRqhgLmDAMiEEAgQZF4VBf/4o=
Subject key identifier:   B7:EA:3E:84:8C:94:1B:84:40:88:B6:97:F1:28:E3:0D:B5:DB:6F:0B
Certificate issuer:       /CN=350045f7d83ceb130d8d695ffe7d43db3819de55
Certificate serial:       018CC49392151CF3578D30774802D16A3DF8
Authority key identifier: 35:00:45:F7:D8:3C:EB:13:0D:8D:69:5F:FE:7D:43:DB:38:19:DE:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NQBF99g86xMNjWlf_n1D2zgZ3lU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/5043fb-ccac-4fb6-869d-48e30e2f7c36/1/t-o-hIyUG4RAiLaX8SjjDbXbbws.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        185.98.152.0/22 maxlen: 22
                          2a01:a480::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/5043fb-ccac-4fb6-869d-48e30e2f7c36/1/NQBF99g86xMNjWlf_n1D2zgZ3lU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/5043fb-ccac-4fb6-869d-48e30e2f7c36/1/NQBF99g86xMNjWlf_n1D2zgZ3lU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NQBF99g86xMNjWlf_n1D2zgZ3lU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:92:15:1c:f3:57:8d:30:77:48:02:d1:6a:3d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=350045f7d83ceb130d8d695ffe7d43db3819de55
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7ea3e848c941b844088b697f128e30db5db6f0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:eb:25:97:57:99:21:47:cb:7d:40:ca:3c:2b:
                    f3:e4:ca:98:e6:96:41:10:76:9f:ad:f5:c3:b4:12:
                    ef:2a:87:af:27:81:86:51:7c:06:87:f1:b3:48:fe:
                    50:e3:e8:a8:3a:4d:54:0e:9a:60:99:db:ee:10:6d:
                    c5:bc:16:8c:7a:a4:52:cb:0f:ba:91:18:c2:12:cd:
                    10:56:a5:6e:9c:50:bc:dd:c1:07:89:b7:e3:ba:eb:
                    dd:6f:22:ba:8d:9d:51:de:58:75:16:43:81:5a:c7:
                    3f:03:00:17:a8:ec:31:81:f6:ad:1e:cc:c4:f5:da:
                    d6:23:26:ad:e8:43:79:e5:eb:46:54:bd:c2:94:1c:
                    08:54:f1:84:15:8e:81:25:22:5d:b6:95:3e:23:ee:
                    2d:72:86:15:6d:c9:4f:67:fb:6a:5a:0a:6a:6f:d9:
                    a8:dd:46:b7:70:fc:55:87:74:78:f0:b8:b1:75:5e:
                    16:dd:3e:ea:dc:46:5f:ba:c9:89:33:93:45:dd:2f:
                    bd:f1:33:ef:2d:8c:94:51:88:3b:24:7e:31:2f:a1:
                    c6:60:69:ef:8a:46:ef:82:66:8c:fb:f4:f5:a7:60:
                    8d:65:ed:6f:68:3d:f6:74:56:92:b7:fa:b2:6e:b7:
                    c3:5f:ee:89:d8:62:33:37:2e:97:2d:a6:c6:18:b7:
                    02:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:EA:3E:84:8C:94:1B:84:40:88:B6:97:F1:28:E3:0D:B5:DB:6F:0B
            X509v3 Authority Key Identifier:
                keyid:35:00:45:F7:D8:3C:EB:13:0D:8D:69:5F:FE:7D:43:DB:38:19:DE:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NQBF99g86xMNjWlf_n1D2zgZ3lU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/5043fb-ccac-4fb6-869d-48e30e2f7c36/1/t-o-hIyUG4RAiLaX8SjjDbXbbws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/5043fb-ccac-4fb6-869d-48e30e2f7c36/1/NQBF99g86xMNjWlf_n1D2zgZ3lU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.152.0/22
                IPv6:
                  2a01:a480::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:f7:89:8c:ca:fd:18:ad:dd:12:78:fa:c0:00:53:6c:47:8f:
         eb:50:40:72:24:65:6c:09:48:f4:4e:85:3c:c4:ff:aa:65:e5:
         54:ee:25:de:08:37:e7:41:af:c5:89:ec:53:5e:5d:16:0c:c0:
         0f:07:eb:25:b8:ac:cf:be:67:a7:b3:6e:53:97:7b:5f:fb:51:
         54:b9:73:68:7a:9c:59:d2:13:92:93:1c:eb:13:f3:e2:dc:44:
         cc:bc:99:73:57:fc:c8:c0:29:77:d1:6e:a6:a6:f4:35:28:8d:
         67:cb:96:05:12:3a:49:d9:6e:a8:3f:1e:66:fa:46:c0:b2:18:
         b6:ee:83:c5:8d:bb:6c:93:cf:c4:45:76:89:e7:48:48:cb:65:
         ec:23:42:32:20:41:98:5f:9a:dd:a9:38:e7:0a:63:22:8c:8b:
         8c:c2:44:1c:dd:e4:0a:a7:df:23:32:db:39:18:36:9e:92:06:
         c6:da:11:9b:63:ad:6d:55:77:0a:2f:06:aa:e7:f1:02:2c:4b:
         14:6d:3a:44:ab:1b:40:75:3d:83:b8:cb:5e:25:52:bf:77:71:
         52:39:0e:3a:7f:44:d0:db:bc:5c:58:be:04:f7:e5:23:97:71:
         5a:6a:69:c4:ec:a5:65:5c:f1:a3:44:c8:e2:11:a5:d9:64:bb:
         f5:a4:83:15
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk5IVHPNXjTB3SALRaj34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MDA0NWY3ZDgzY2ViMTMwZDhkNjk1ZmZlN2Q0M2RiMzgx
OWRlNTUwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2VhM2U4NDhjOTQxYjg0NDA4OGI2OTdmMTI4ZTMwZGI1ZGI2ZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOsll1eZIUfLfUDKPCvz5MqY5pZB
EHafrfXDtBLvKoevJ4GGUXwGh/GzSP5Q4+ioOk1UDppgmdvuEG3FvBaMeqRSyw+6
kRjCEs0QVqVunFC83cEHibfjuuvdbyK6jZ1R3lh1FkOBWsc/AwAXqOwxgfatHszE
9drWIyat6EN55etGVL3ClBwIVPGEFY6BJSJdtpU+I+4tcoYVbclPZ/tqWgpqb9mo
3Ua3cPxVh3R48LixdV4W3T7q3EZfusmJM5NF3S+98TPvLYyUUYg7JH4xL6HGYGnv
ikbvgmaM+/T1p2CNZe1vaD32dFaSt/qybrfDX+6J2GIzNy6XLabGGLcCiwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLfqPoSMlBuEQIi2l/Eo4w21228LMB8GA1UdIwQY
MBaAFDUARffYPOsTDY1pX/59Q9s4Gd5VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlFCRjk5Zzg2eE1OaldsZl9uMUQyemdaM2xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS81MDQzZmItY2NhYy00ZmI2LTg2OWQt
NDhlMzBlMmY3YzM2LzEvdC1vLWhJeVVHNFJBaUxhWDhTampEYlhiYndzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS81MDQzZmItY2NhYy00ZmI2LTg2OWQtNDhlMzBlMmY3YzM2
LzEvTlFCRjk5Zzg2eE1OaldsZl9uMUQyemdaM2xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWKYMA0E
AgACMAcDBQAqAaSAMA0GCSqGSIb3DQEBCwUAA4IBAQBk94mMyv0Yrd0SePrAAFNs
R4/rUEByJGVsCUj0ToU8xP+qZeVU7iXeCDfnQa/FiexTXl0WDMAPB+sluKzPvmen
s25Tl3tf+1FUuXNoepxZ0hOSkxzrE/Pi3ETMvJlzV/zIwCl30W6mpvQ1KI1ny5YF
EjpJ2W6oPx5m+kbAshi27oPFjbtsk8/ERXaJ50hIy2XsI0IyIEGYX5rdqTjnCmMi
jIuMwkQc3eQKp98jMts5GDaekgbG2hGbY61tVXcKLwaq5/ECLEsUbTpEqxtAdT2D
uMteJVK/d3FSOQ46f0TQ27xcWL4E9+Ujl3FaamnE7KVlXPGjRMjiEaXZZLv1pIMV
-----END CERTIFICATE-----